Bug Watch: Protecting corporate credibility

Bug Watch: Each week vnunet.com asks a different expert from the IT security world to give their views on recent virus and security issues, with advice, warnings and information on the latest threats. This week's expert is Graham Cluley, senior technology consultant at UK antivirus company Sophos.

If you read most of the media reports about the latest and greatest virus you will probably believe that the worst a virus can do is destroy your data.

But is this really a disaster? After all, most companies make backups of important data and if hard disks get wiped, it's inconvenient but recoverable.

Perhaps system administrators should be considering some of the untold dangers of viruses instead, such as damage to company credibility.

For instance, there is a class of virus known as 'data diddlers'. These are viruses which can take your spreadsheets and make occasional and very subtle changes to them. They may simply shuffle numbers around, or multiply every 15th number by 0.95.

Now, imagine you were posting financial data about your company and it had been corrupted in this way. Such corruption may not be noticed for months, and when it finally is seen, you may need to make an embarrassing retraction which could affect how investors view your organisation.

Then there are viruses which, for want of a better term, I will call 'binary blabbers'. These can forward confidential information from your computer to your colleagues, competitors and the general public via your email system. The last thing you want if you are plotting the overthrow of your arch rival competitor, is for a virus to forward your master plan to your intended victim! Who needs industrial espionage when a virus can damage your organisation's confidentiality this way?

Examples such as Happy99 notice when you send an email or make a usenet posting and send themselves at the same time.

If you search on Deja.com you will see hundreds of companies that have accidentally spread this virus. So how do you know? Because their virus-infected postings are there for anybody to see, with clear details of who sent it and when. It is very hard for companies to deny they have spread a virus in this way, and you can imagine the damage this can do to a company's reputation.

Finally, there are those companies who have simply not kept their antivirus software up to date, or not followed safe computing practices and sent customers a virus directly.

In August last year, Fuji Bank sent a document to investment partners regarding its forthcoming merger with the Industrial Bank of Japan and Dai Ichi Kangyo Bank. But when investors opened the document a messagebox popped up informing them they were "big stupid jerks". Not the best way to get investors to reach into their pockets.

If you sent a virus to one of your largest customers would you ever be able to recover your reputation? It can be seen that the costs of recovering your credibility as a company due to a virus can be much greater than simply restoring destroyed data from a backup.

So, what can be done? Clearly, good up-to-date antivirus software is a must, but it isn't a 100 per cent solution. Companies should consider implementing 'safe hex' procedures and rules to further reduce their chances of being hit by a virus. The good news is that these rules and procedures can be put in place without giving any money to antivirus companies.

Next edition: 6 October